CAS Server

Using SetherAuth as a CAS Server

SetherAuth can now be used as a CAS server. It currently supports CAS 3.0.

Overview

The CAS endpoint prefix in SetherAuth is

https://auth.sether.com/cas/<organization_id>/<application_id>

Here is an example with an application id aa198ce2-f9e3-47a9-b999-86d873140bac under the organization 14326f79-53bc-4146-85e8-60a091273756:

  • /login endpoint: https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/login
  • /logout endpoint: https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/logout
  • /serviceValidate endpoint: https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/serviceValidate
  • /proxyValidate endpoint: https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/proxyValidate
  • /proxy endpoint: https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/proxy
  • /validate endpoint: https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/validate
  • /p3/serviceValidate endpoint: https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/p3/serviceValidate
  • /p3/proxyValidate endpoint: https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/p3/proxyValidate
  • /samlValidate endpoint: https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/samlValidate

For more information about CAS, its different versions, and parameters for these endpoints, refer to the CAS Protocol Specification.
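The following added example (not code from SetherAuth or the CAS Java client) shows what an application does with these endpoints: it builds the /p3/serviceValidate URL under the prefix above and parses the XML reply, refusing anything that is not an explicit success. The sample responses are constructed from the CAS protocol's response format, and the user name, email attribute, service URL and ticket value used with them are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit

CAS_NS = "{http://www.yale.edu/tp/cas}"  # XML namespace defined by the CAS protocol
# Constructed responses in the CAS protocol's XML format (not captured from SetherAuth).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:attributes><cas:email>alice@example.com</cas:email></cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def cas_prefix(base, organization_id, application_id):
    """Build the per-application CAS prefix in the layout listed above."""
    prefix = f"{base.rstrip('/')}/cas/{organization_id}/{application_id}"
    if urlsplit(prefix).scheme != "https":
        raise ValueError("CAS prefix must use https: tickets travel in the URL")
    return prefix

def validation_url(prefix, service, ticket, endpoint="/p3/serviceValidate"):
    """URL the application fetches server-side to redeem a service ticket."""
    return f"{prefix}{endpoint}?" + urlencode({"service": service, "ticket": ticket})

def parse_validation_response(xml_text):
    """Return (user, attributes) on success; raise PermissionError otherwise."""
    if "<!DOCTYPE" in xml_text.upper():  # a CAS response never needs a DTD
        raise PermissionError("DTD not allowed in CAS response")
    root = ET.fromstring(xml_text)
    if root.tag != CAS_NS + "serviceResponse":
        raise PermissionError("not a CAS serviceResponse")
    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        raise PermissionError(f"{failure.get('code')}: {(failure.text or '').strip()}")
    success = root.find(CAS_NS + "authenticationSuccess")
    user = success.findtext(CAS_NS + "user") if success is not None else None
    if not user or not user.strip():
        raise PermissionError("no authenticated user in response")
    attrs = {}
    attributes = success.find(CAS_NS + "attributes")
    for el in (attributes if attributes is not None else []):
        attrs.setdefault(el.tag.replace(CAS_NS, ""), []).append((el.text or "").strip())
    return user.strip(), attrs
```

The service value sent for validation must be the same one used at /login, so keep it in application configuration rather than rebuilding it from request headers.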

An Example

An official example repository on GitHub contains a web app that uses the official CAS Java client. Working through this example shows how to connect to SetherAuth via CAS.

Note: SetherAuth currently supports all three versions of CAS: CAS 1.0, 2.0, and 3.0.

The CAS configuration is located in src/main/webapp/WEB-INF/web.yml.

By default, this app uses CAS 3.0, which is specified by the following configuration:

<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>

If you want to protect this web app using CAS 2.0, change the CAS Validation Filter to the following:

<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

For CAS 1.0, use the following:

<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>

Change every instance of the casServerUrlPrefix parameter to:

<param-name>casServerUrlPrefix</param-name>
<param-value>https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac</param-value>

Change every instance of the casServerLoginUrl parameter to:

<param-name>casServerLoginUrl</param-name>
<param-value>https://auth.sether.com/cas/14326f79-53bc-4146-85e8-60a091273756/aa198ce2-f9e3-47a9-b999-86d873140bac/login</param-value>

To customize further settings, see the Java CAS client GitHub repository for detailed information.